NotCVE - vendor:"Unknown" product:"Carousel Slider" version:"

7 results (0.003 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-45269 – Carousel Slider <= 1.10.2 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2024-45269

30 Aug 2024 — WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site. El complemento "Carousel Slider" de WordPress proporcionado por Sayful Islam contiene una vulnerabilidad de cross-site request forgery en la función de selección de imágenes de Carousel. Al iniciar ses... • https://github.com/sayful1/carousel-slider • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-45270 – Carousel Slider <= 2.2.3 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2024-45270

30 Aug 2024 — WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site. El complemento "Carousel Slider" de WordPress proporcionado por Sayful Islam contiene una vulnerabilidad de cross-site request forgery en la función de selección de imágenes de héroe. Mientras se está cone... • https://github.com/sayful1/carousel-slider • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2024-6850 – Carousel Slider < 2.2.14 - Editor+ Stored XSS

https://notcve.org/view.php?id=CVE-2024-6850

23 Aug 2024 — The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed The Carousel Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.2.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level pe... • https://wpscan.com/vulnerability/c06995cb-1685-4751-811f-aead52a597a7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2024-4372 – Carousel Slider < 2.2.11 - Editor+ Stored XSS

https://notcve.org/view.php?id=CVE-2024-4372

30 Apr 2024 — The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks El complemento Carousel Slider de WordPress anterior a 2.2.11 no sanitiza ni escapa a algunos parámetros, lo que podría permitir a los usuarios con un rol tan bajo como el de editor realizar ataques de Cross Site Scripting. The Carousel Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url ... • https://wpscan.com/vulnerability/13dcfd8a-e378-44b4-af6f-940bc41539a4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2

CVE-2024-3703 – Carousel Slider < 2.2.10 - Editor+ Stored XSS

https://notcve.org/view.php?id=CVE-2024-3703

12 Apr 2024 — The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks El complemento Carousel Slider de WordPress anterior a 2.2.10 no valida ni escapa algunas de sus opciones de diapositiva antes de devolverlas a la página/publicación donde está incrustado el código abreviado de diap... • https://github.com/Bi0x/CVE-2024-37032 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2024-1712 – Carousel Slider < 2.2.7 - Editor+ Stored XSS

https://notcve.org/view.php?id=CVE-2024-1712

25 Mar 2024 — The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) El complemento Carousel Slider de WordPress anterior a 2.2.7 no sanitiza ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cro... • https://wpscan.com/vulnerability/23805a61-9fcd-4744-a60d-05c8cb43ee01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-41848 – WordPress Carousel Slider plugin <= 2.2.2 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2023-41848

05 Sep 2023 — Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carousel Slider: from n/a through 2.2.2. The Carousel Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_optin_optout() function hooked via 'admin_init' in versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to opt in and opt out of tracki... • https://patchstack.com/database/wordpress/plugin/carousel-slider/vulnerability/wordpress-carousel-slider-plugin-2-2-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •